Content

Understanding

IMPORTANT

Make sure that the user group sysop ALWAYS gets the permission read so that sysop users are never locked out of the page Special:WikiAdmin&mode=PermissionManager!

Permissions Management Modes

Permission management can be set to:

Normal or

Lockmode

Ramifications on $wgGroupPermissions directives in LocalSettings.php

$wgGroupPermissions directives in LocalSettings.php are disabled and should be removed.

User Groups

Every user is

if logged in: a member of

zero, one or multiple

system groups (autoreview, bot, bureaucrat, editor, reviewer, sysop)

and/or customer-defined groups

and the user group

if NOT logged in: a member of the * group

How does the Permission Manager work in normal mode?

In a given namespace a group has a permission implicitly enabled (either by inherited setting from user or * or by its own Wiki setting) unless some other group has this permission explicitly enabled for that namespace.In other words: Dear group, if NO other group claims this namespace-specific permission explicitly and you claim it wiki-wide or you inherit it from user or *, then you have it implicitly. If SOME other group claims it explicitly, then you too have to claim it explicitly.

represents an unsaved change which means that this setting will be toggled upon saving ( → / OR / → )

In the Wiki column

means: This permission is explicitly enabled for this group and all namespaces.

means: This permission is implicitly enabled for this group and all namespaces by inheritance from user or *.

In the Namespaces columns

means: This permission is explicitly enabled for this group and namespace and is revoked for all other groups, including user and *. This means that if you want to have this permission enabled for some other groups, you need to explicitly enable it for those groups.

means: This permission is implicitly enabled for this group and namespace by inheritance from user or *.

Wiki and e.g. (Pages) means: This permission has been inherited from user or * but has been revoked by an explicit setting in some other group.

Example

The permission "applychangetags" is explicitly enabled (unchecked green) for group "autoreview" in all namespaces except "User". Why?

That is because while it is implicitly inherited from group "user"…

…it has been enabled explicitly for group "sysop".

Cookbook

All of the following permissions cases are based on the first and fundamental setting (see below):